Skip to main content
WalnutsHR
Back to blog
ComplianceChecklistsHR

HR Audit Checklist: 20 Things to Review This Quarter

WTWalnutsHR Team10 min left

Key Takeaways

  • 1Quarterly HR audits catch small problems before they become expensive violations
  • 2Employment records, compliance, policies, benefits, and safety are the five core audit categories
  • 3A red flag on any single item does not mean failure β€” it means you found the problem before a regulator did

An HR audit is not something most small teams look forward to. It sounds formal, time-consuming, and like something only large enterprises with compliance departments need to worry about. But the companies that get blindsided by a wage claim, a failed I-9 audit, or a wrongful termination suit almost always share one trait: they never looked until someone forced them to.

A quarterly HR audit takes a few hours. A compliance violation takes months and thousands of dollars to resolve. The math is straightforward.

When to run an HR audit

Quarterly: Review the 20 items below at a surface level. Are records current? Are policies being followed? Are there obvious gaps?

Annually: Go deeper. Pull a sample of employee files and audit them completely. Review every policy for legal changes. Benchmark benefits against market data.

Immediately: After any compliance scare, employee complaint, government inquiry, or significant organizational change (merger, rapid hiring, layoffs, new state/province).

This checklist covers the essentials across five categories. For each item, we describe what to check, what "good" looks like, and what should raise a red flag. If you want to track your audit progress interactively, use the checklist at the bottom.

Category 1: Employment Records

1. Employee files are complete and current

What to check: Pull a random sample of 20% of employee files. Each should contain a signed offer letter, tax forms, emergency contact information, signed handbook acknowledgment, and any performance documentation.

Good looks like: Every file has the same core documents, organized consistently. Nothing is missing. Files for terminated employees are stored separately with proper retention.

Red flag: Files with missing offer letters, unsigned handbook acknowledgments, or gaps in documentation. If you cannot produce a complete file for any current employee within five minutes, that is a problem.

2. I-9 forms are completed correctly and on time

What to check: Audit I-9 forms for completeness. Section 1 should be completed by the employee on or before the first day. Section 2 must be completed by the employer within three business days of the start date. Verify that acceptable documents were used and that no expired I-9 forms are on file.

Good looks like: Every current employee has a properly completed I-9 with the correct form version. Retention schedule is followed (three years from hire date or one year after termination, whichever is later).

Red flag: Missing I-9s, Section 2 completed late, wrong form version, or the employer specified which documents the employee should provide (this is a discrimination risk). See our compliance mistakes guide for more on I-9 pitfalls.

3. Job descriptions match actual roles

What to check: Compare written job descriptions to what employees actually do. Focus especially on FLSA classification β€” exempt vs. non-exempt status must reflect actual job duties, not just the title.

Good looks like: Job descriptions are reviewed annually and updated when roles change. Exempt/non-exempt classifications are based on duties tests, not salary alone.

Red flag: Employees whose daily work bears little resemblance to their job description, or classifications that were set at hire and never revisited. Misclassification is one of the most common and most expensive wage-and-hour violations.

4. Compensation records are accurate and consistent

What to check: Verify that every employee's current compensation matches what is documented in their file and in payroll. Check that pay changes (raises, promotions, bonuses) are documented with effective dates.

Good looks like: A clear trail from offer letter to current compensation, with every change documented and dated. Payroll records match HR records exactly.

Red flag: Discrepancies between what HR shows and what payroll shows, undocumented pay changes, or compensation decisions with no written rationale (this creates equal-pay risk).

Category 2: Compliance

5. Required labor law postings are displayed

What to check: Federal, state/provincial, and local labor law posters must be physically posted in a conspicuous location. For remote teams, electronic distribution of required notices is typically acceptable, but requirements vary by jurisdiction.

Good looks like: Current-year posters are displayed. Remote employees have received electronic copies. You have a process to update posters when laws change.

Red flag: Outdated posters, no remote employee distribution process, or complete unawareness that posting requirements exist. Fines are typically small per violation, but they signal broader compliance gaps.

6. Wage and hour practices comply with applicable law

What to check: Minimum wage compliance (check state/provincial and local rates, which often exceed federal), overtime calculations, meal and rest break policies, and final paycheck timing requirements.

Good looks like: Written policies that reference the correct wage floors for every jurisdiction where you have employees. Overtime calculations account for all required forms of compensation. Managers understand break requirements.

Red flag: Using federal minimum wage as your default, no overtime tracking for non-exempt employees, or a "we don't really track breaks" culture. Wage-and-hour class actions are among the most common and most expensive employment lawsuits.

5 categories
to audit quarterly

Employment records, compliance, policies, benefits, and safety β€” covering the full scope of HR risk

7. Anti-discrimination and harassment policies are current

What to check: Review your anti-discrimination and anti-harassment policies for compliance with current federal, state/provincial, and local laws. Verify that required training has been completed and documented.

Good looks like: Policies updated within the last 12 months, training completed on schedule with records retained, and a clear reporting mechanism that employees know about.

Red flag: Policies that have not been updated since the company was founded, no training records, or a reporting mechanism that routes complaints only through the accused person's direct manager.

8. State/provincial-specific requirements are met

What to check: For every jurisdiction where you have employees, verify compliance with that jurisdiction's specific requirements: paid leave laws, pay transparency rules, non-compete restrictions, and any industry-specific regulations.

Good looks like: A jurisdiction-by-jurisdiction compliance matrix that is reviewed whenever you hire in a new location. Someone is accountable for monitoring regulatory changes.

Red flag: A "one-size-fits-all" approach that defaults to headquarters' state or province. If you have employees in multiple jurisdictions and cannot articulate the key differences between them, this is a gap.

Category 3: Policies

9. Employee handbook is current and acknowledged

What to check: When was the handbook last updated? Does it reflect current laws and company practices? Has every current employee signed an acknowledgment?

Good looks like: Handbook updated within the last 12 months, acknowledgments on file for every employee, and a process to redistribute when changes are made.

Red flag: A handbook that references outdated laws, policies that no longer match actual practice, or missing acknowledgments. An unacknowledged handbook is nearly as weak as no handbook in a legal dispute.

10. PTO and leave policies are documented and consistently applied

What to check: Review your PTO policy for clarity, legal compliance, and consistent application. Check accrual calculations, carryover rules, and payout provisions against applicable state/provincial law.

Good looks like: A written policy that specifies accrual rates, carryover limits, approval processes, and payout terms. Balances are tracked in a centralized system and match what employees expect.

Red flag: Use-it-or-lose-it provisions in jurisdictions where they are illegal, inconsistent enforcement across teams or managers, or PTO tracked in a spreadsheet that nobody trusts. WalnutsHR's time-off tracking eliminates these gaps automatically.

11. Disciplinary and termination procedures are documented

What to check: Is there a written progressive discipline process? Are managers trained on documentation requirements? Are termination decisions reviewed before execution?

Good looks like: A clear, written process that managers follow. Termination files include documentation of prior issues, warnings, and the business rationale. At least one person reviews termination decisions before they are communicated.

Red flag: Terminations with no prior documentation, managers who "just fire people" without following a process, or a pattern of terminations concentrated in a protected class without a clear business justification.

12. Remote work and hybrid policies are clear

What to check: If you have remote or hybrid workers, is there a written policy covering expectations, equipment, expense reimbursement, and jurisdiction-specific requirements?

Good looks like: A remote work policy that addresses work hours, communication expectations, equipment provisions, and expense reimbursement. The policy accounts for tax and compliance implications of employees working from different jurisdictions.

Red flag: No written remote work policy despite having remote employees, or a policy that was drafted during the pandemic and never updated. Expectations that exist only as unwritten norms.

Category 4: Benefits

13. Benefits enrollment records are accurate

What to check: Verify that every eligible employee is enrolled in the correct benefits plan. Check that life events (marriage, birth, termination) triggered the appropriate enrollment changes.

Good looks like: Benefits records match payroll deductions. Eligible employees who declined coverage have signed waivers on file. Open enrollment materials were distributed on time.

Red flag: Employees paying for coverage they did not elect, missed enrollment windows with no documentation, or no waiver on file for employees who declined benefits.

14. Benefits compliance requirements are met

What to check: Depending on your size and jurisdiction, verify compliance with applicable benefits laws β€” ACA employer mandate, COBRA notices, ERISA requirements, or Canadian provincial health plan registrations.

Good looks like: Required notices distributed on time, plan documents filed as required, and a clear process for triggering COBRA or equivalent notices upon qualifying events.

Red flag: No process for COBRA notifications, missed ACA reporting deadlines, or plan documents that have never been reviewed by benefits counsel.

15. Retirement plan administration is current

What to check: If you offer a retirement plan (401k, RRSP matching, etc.), verify that contributions are deposited on time, matching formulas are applied correctly, and required notices are distributed.

Good looks like: Contributions deposited within the required timeframe after each payroll. Annual notices distributed on schedule. Plan documents reviewed within the last three years.

Red flag: Late contribution deposits (this is a fiduciary violation), incorrect matching calculations, or required annual notices that were never sent.

16. Equity and compensation are reviewed for pay equity

What to check: Analyze compensation data for unexplained disparities based on gender, race, or other protected characteristics. Compare similar roles, experience levels, and performance ratings.

Good looks like: Regular pay equity analysis (at least annually), documented rationale for pay differences, and a remediation plan for any unexplained gaps. Many jurisdictions now require pay transparency in job postings.

Red flag: No pay equity analysis has ever been conducted, significant unexplained gaps exist, or compensation decisions are made without standardized criteria.

Category 5: Safety

17. Workplace safety policies are current

What to check: Review workplace safety policies and procedures, including emergency protocols, accident reporting, and ergonomic assessments. For remote workers, check that home workspace safety has been addressed.

Good looks like: Written safety policies reviewed annually, emergency procedures posted and practiced, and incident reports filed and followed up on promptly.

Red flag: No written safety procedures, outdated emergency contacts, or a pattern of unreported incidents.

18. Workers' compensation coverage is active and adequate

What to check: Verify that workers' compensation insurance is active, premiums are current, and coverage is adequate for your employee count and risk profile. Check that injury reporting procedures are in place.

Good looks like: Active coverage with no lapse, premiums based on current payroll and classification codes, and a clear injury reporting process that managers understand.

Red flag: Coverage lapse, incorrect classification codes (which can lead to audit penalties), or managers who do not know how to report a workplace injury.

19. Health and safety training is completed

What to check: Verify that required health and safety training has been completed and documented. Requirements vary by jurisdiction and industry β€” at minimum, new hire orientation should cover emergency procedures and reporting mechanisms.

Good looks like: Training records for all employees, refresher training on schedule, and documented acknowledgment that employees understand reporting procedures.

Red flag: No training records, training that has not been refreshed since the employee was hired, or an inability to identify what training is legally required in your jurisdiction.

20. Return-to-work and accommodation procedures exist

What to check: Do you have a process for managing return-to-work after injury or illness? Are accommodation requests handled through a documented interactive process?

Good looks like: A written return-to-work policy, a documented interactive process for accommodation requests, and records showing that requests were evaluated individually and in good faith.

Red flag: No accommodation process, blanket denials of accommodation requests, or a pattern of employees being terminated shortly after requesting accommodations.

The Full 20-Item Audit Checklist

Use this interactive checklist to track your progress through the audit. Save your progress and revisit quarterly.

Quarterly HR Audit Checklist

0/20 complete

What to Do With Your Results

A perfect score is not the goal β€” finding problems before they find you is the goal. Prioritize any red flags by risk level:

1

Fix immediate legal risks first

Missing I-9s, lapsed workers comp coverage, wage and hour violations, and missing anti-harassment training are your highest-priority items. These carry direct financial penalties.

2

Address documentation gaps

Missing handbook acknowledgments, undocumented terminations, and incomplete employee files create legal exposure but are straightforward to fix.

3

Update stale policies

Outdated handbooks, old job descriptions, and policies that no longer match practice are lower urgency but should be refreshed within the quarter.

4

Build ongoing processes

The best audit is one that finds nothing β€” because your systems catch issues in real time. Invest in tools and workflows that make compliance automatic, not annual.

If your audit revealed more gaps than you expected, you are not alone. Most growing teams accumulate HR debt the same way they accumulate technical debt β€” gradually, and then suddenly. The right HR software turns a quarterly scramble into a continuous process. You can explore our resources for templates and guides to help close the gaps you found today.

Ready to make HR audits painless? Check our pricing or get started free with WalnutsHR and build compliance into your daily operations.

Get HR insights delivered

Join growing teams who get practical HR advice in their inbox. Unsubscribe anytime.

How was this article?

Share
WT

WalnutsHR Team

The WalnutsHR team shares practical advice on HR, team building, and growing your company β€” from the people building modern HR software.

Keep reading

ComplianceTemplates

How to Build an Employee Handbook in One Day

You don't need a lawyer or a month of work to create an employee handbook. Here's a practical, step-by-step guide to building one in a single day.

Read more
ComplianceLeadership

How to Handle Employee Terminations Legally in 2026

Employee terminations carry significant legal risk when handled poorly. Here's a practical guide to the documentation, process, and post-termination steps that protect your company.

Read more
Canadian HRCompliance

Why Canadian Companies Need Canadian HR Software

Data residency, PIPEDA compliance, and CRA requirements make choosing the right HR software critical for Canadian businesses. Here's what you need to know.

Read more

Like what you're reading?

WalnutsHR helps growing teams manage HR without the headaches. Try it free.

Get started for free View pricing

Free forever for small teams Β· No credit card required